Peku006,
Sorry for the delay in replying, work sent me out of town for a few days.
Anyway, here is the log.
Raimen
Malwarebytes' Anti-Malware 1.44
Database version: 3531
Type: Posts; User: Raimen; Keyword(s):
Hi Peku006,
Yes I did. The only log I could find was in the C:\ComboFix directory and it did not look like it would help at all.
On a side note, the redirects are gone. When I do a Google...
I downloaded and ran Combofix.
It found rootkit activity and restarted the computer.
When it rebooted, I got the BSOD because of mbr.sys.
I shut it off and rebooted, everything seems OK but, no...
Hi and thank you.
Here are the RSIT logs
Log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris at 2010-01-04 12:37:45
Microsoft Windows XP...
I will not have access to the computer until after new year's day. If we need to close this thread and restart after then I will understand, let me know what to do.
Thank you
Raimen
After running basic tests (spybot) and a few online scans I cannot seem to locate the source of my browser redirects.
Short version - when I click a link in a search result (Google, Bing) I get...
I'm not sure. It was running all day and no pop ups came up. I'll have the wife use it tonight and see what she thinks.
Thank you very much.
Raimen
I meant turning off windows firewall and auto updates....
:oops:
Yes, I ran combofix just before I saw your reply. It helped get rid of whatever was turning off my windows firewall and automatic updates.
I followed your instructions and here are the results.
...
Katana,
No problems with the wait, I have noticed a definite increase in Virtumonde; there are two computers at work that are infected...
Log.txt
Logfile of random's system information tool...
My wife brought me her laptop and informed me that she had an infection.
"Happy new year to me"
I ran MalwareBytes and AVG. Both removed something and all seems well now but I'd like to know if...
Combofix is uninstalled,
System restore is stopped and restarted.
My child is properly punished. (NO CPU for 1 month)
and everything is back to normal as far as I can tell.
you can close...
:oops:
Malware Bytes log
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
12/9/2008 9:34:12 AM
mbam-log-2008-12-09 (09-34-12).txt
Malware Bytes log
First,
Java(TM) 6 Update 5 - failed during the uninstall, I removed it manually.
Limewire - I uninstalled this before posting. The uninstall info had not been removed from the control panel. When...
Here is the uninstall list.
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
Here is the Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:14 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00...
I finished everything you said.
FYI with IE 7 the IE settings you recommended are the default settings in medium-high.
Thank you very much!!!
Yes Please
However popcaploader.dll seems to have been removed, I did not find the file there and I ran a search for it and it was not in the windows folder.
I think that is all the system is working a lot...
HJT ran A LOT faster this time
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 13, 2008
Operating System:...
This time I'm sure I included "FILE::"
ComboFix 08-08-10.05 - Hannah 2008-08-12 8:18:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.128 [GMT -7:00]
Running from:...
Come to think of it, I may have missed the line "FILE::"
I'll try again.
When I went to log off the computer, the program dsc.exe was not responding and needed to be "ended"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:34 AM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
...
ComboFix 08-08-10.05 - Hannah 2008-08-12 6:53:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.99 [GMT -7:00]
Running from: C:\ESM\ComboFix.exe
Command switches used ::...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:54 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
...
ComboFix 08-08-10.05 - Hannah 2008-08-11 8:53:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.97 [GMT -7:00]
Running from: C:\ESM\ComboFix.exe
Command switches used ::...
I'm having issues installing the recovery console. I'll get a different version of XP from work in the morning and try again.
Thanks for your patience.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:56 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
...
I ran Spybot this morning and this is the log from it.
--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()
Virtumonde: [SBI...
Here is the Vundofix log from the last time I ran it. It is not helpful so I think that although SpyBot S&D detected Virtumonde it is not my only problem.
VundoFix V7.0.6
Scan started at...
I ran SpyBot and removed the Virtumonde infection but something is still on the computer. I have run Fixvundo with no result. When I tried to run smitfraudfix Norton finally reported that there was...